I was looking for the same functionality except through sshd. Problem is that you can use lrzsz to transfer files. If you don't have this installed its no problem using Lynx to go out and get it BTW.
-----Original Message-----
From: Michael Jinks
To: H. Wade Minter; [EMAIL PROTECTED]
Sent: 3/6/2001 7:29 PM
Subject: Re: Block scp, allow ssh?
"H. Wade Minter" wrote:
>
> So my question is: Is there any way, on a firewall-type level, to
block scp
> traffic, while allowing ssh and slogin? This would allow them to stop
file
> copies, but let secure shells go through.
At the firewall, I don't think so; my understanding is that scp is
really just a wrapper around ssh, and that to a router, ssh and scp are
going to look exactly the same.
What about setting up some kind of gateway/proxy service, such that
packets get encrypted at or before the firewall, but after the net nazis
have a chance to snoop them? Say, a single box which is allowed ssh
access past the firewall, but which only accepts connections via
telnet. Internal Security or HR is responsible for that box. Log all
command lines, log all network traffic to and from that box, but you
(and your company, which should care about this IMHO if they're that
paranoid about their data) gain the benefits of encryption outside the
private net.
Not an ideal solution but then neither is requiring telnet over ssh...
--
Michael Jinks mjinksATsysvi.com ~*~ http://www.yellow5.com/pokey/
unconfirmed: the linux penguin;the bsd daemon;the sunOS brain slug
